From e69219184b1a3262ec5e617d30337b6431c9840c Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 8 Aug 2018 14:58:21 +0200
Subject: Implement user blocking on server side

---
 server/lib/oauth-model.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'server/lib')

diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index 3adcce7b0..f13c25795 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -1,3 +1,4 @@
+import { AccessDeniedError} from 'oauth2-server'
 import { logger } from '../helpers/logger'
 import { UserModel } from '../models/account/user'
 import { OAuthClientModel } from '../models/oauth/oauth-client'
@@ -34,6 +35,8 @@ async function getUser (usernameOrEmail: string, password: string) {
   const passwordMatch = await user.isPasswordMatch(password)
   if (passwordMatch === false) return null
 
+  if (user.blocked) throw new AccessDeniedError('User is blocked.')
+
   return user
 }
 
@@ -67,9 +70,7 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User
   }
 
   const tokenCreated = await OAuthTokenModel.create(tokenToCreate)
-  const tokenToReturn = Object.assign(tokenCreated, { client, user })
-
-  return tokenToReturn
+  return Object.assign(tokenCreated, { client, user })
 }
 
 // ---------------------------------------------------------------------------
-- 
cgit v1.2.3